Added warning about tls-remote in man page.

author James Yonan <james@openvpn.net>

Tue, 10 Aug 2010 17:31:31 +0000 (17:31 +0000)

committer James Yonan <james@openvpn.net>

Tue, 10 Aug 2010 17:31:31 +0000 (17:31 +0000)
author James Yonan <james@openvpn.net>
Tue, 10 Aug 2010 17:31:31 +0000 (17:31 +0000)
committer James Yonan <james@openvpn.net>
Tue, 10 Aug 2010 17:31:31 +0000 (17:31 +0000)
diff --git a/openvpn.8 b/openvpn.8

index 53aabdc1f7ac5a698978fe5240b399ceff764429..f523609a178d3f4ac5f0ff7a5ce3e9fbd5f153d5 100644 (file)
--- a/openvpn.8
+++ b/openvpn.8
@@ -4278,6 +4278,13 @@ or common name equal to
  The remote host must also pass all other tests
  of verification.
  
+.B NOTE:
+Because tls-remote may test against a common name prefix,
+only use this option when you are using OpenVPN with a custom CA
+certificate that is under your control.
+Never use this option when your client certificates are signed by
+a third party, such as a commercial web CA.
+
  Name can also be a common name prefix, for example if you
  want a client to only accept connections to "Server-1",
  "Server-2", etc., you can simply use
author	James Yonan <james@openvpn.net>
	Tue, 10 Aug 2010 17:31:31 +0000 (17:31 +0000)
committer	James Yonan <james@openvpn.net>
	Tue, 10 Aug 2010 17:31:31 +0000 (17:31 +0000)